US8051263B2 - Configurable memory protection - Google Patents

Configurable memory protection Download PDF

Info

Publication number
US8051263B2
US8051263B2 US11/744,573 US74457307A US8051263B2 US 8051263 B2 US8051263 B2 US 8051263B2 US 74457307 A US74457307 A US 74457307A US 8051263 B2 US8051263 B2 US 8051263B2
Authority
US
United States
Prior art keywords
memory
region
sub
memory protection
implementations
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US11/744,573
Other versions
US20080276051A1 (en
Inventor
Erik Knutsen Renno
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Atmel Corp
Original Assignee
Atmel Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Atmel Corp filed Critical Atmel Corp
Priority to US11/744,573 priority Critical patent/US8051263B2/en
Assigned to ATMEL CORPORATION reassignment ATMEL CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: RENNO, ERIK KNUTSEN
Priority to PCT/US2008/061175 priority patent/WO2008137316A1/en
Priority to TW097116389A priority patent/TW200903255A/en
Publication of US20080276051A1 publication Critical patent/US20080276051A1/en
Application granted granted Critical
Publication of US8051263B2 publication Critical patent/US8051263B2/en
Assigned to MORGAN STANLEY SENIOR FUNDING, INC. AS ADMINISTRATIVE AGENT reassignment MORGAN STANLEY SENIOR FUNDING, INC. AS ADMINISTRATIVE AGENT PATENT SECURITY AGREEMENT Assignors: ATMEL CORPORATION
Assigned to ATMEL CORPORATION reassignment ATMEL CORPORATION TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT COLLATERAL Assignors: MORGAN STANLEY SENIOR FUNDING, INC.
Assigned to JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT reassignment JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ATMEL CORPORATION
Assigned to JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT reassignment JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ATMEL CORPORATION, MICROCHIP TECHNOLOGY INCORPORATED, MICROSEMI CORPORATION, MICROSEMI STORAGE SOLUTIONS, INC., SILICON STORAGE TECHNOLOGY, INC.
Assigned to WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT reassignment WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ATMEL CORPORATION, MICROCHIP TECHNOLOGY INCORPORATED, MICROSEMI CORPORATION, MICROSEMI STORAGE SOLUTIONS, INC., SILICON STORAGE TECHNOLOGY, INC.
Assigned to JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT reassignment JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ATMEL CORPORATION, MICROCHIP TECHNOLOGY INC., MICROSEMI CORPORATION, MICROSEMI STORAGE SOLUTIONS, INC., SILICON STORAGE TECHNOLOGY, INC.
Assigned to ATMEL CORPORATION, MICROSEMI STORAGE SOLUTIONS, INC., SILICON STORAGE TECHNOLOGY, INC., MICROSEMI CORPORATION, MICROCHIP TECHNOLOGY INC. reassignment ATMEL CORPORATION RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: JPMORGAN CHASE BANK, N.A, AS ADMINISTRATIVE AGENT
Assigned to WELLS FARGO BANK, NATIONAL ASSOCIATION reassignment WELLS FARGO BANK, NATIONAL ASSOCIATION SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ATMEL CORPORATION, MICROCHIP TECHNOLOGY INC., MICROSEMI CORPORATION, MICROSEMI STORAGE SOLUTIONS, INC., SILICON STORAGE TECHNOLOGY, INC.
Assigned to WELLS FARGO BANK, NATIONAL ASSOCIATION, AS COLLATERAL AGENT reassignment WELLS FARGO BANK, NATIONAL ASSOCIATION, AS COLLATERAL AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ATMEL CORPORATION, MICROCHIP TECHNOLOGY INCORPORATED, MICROSEMI CORPORATION, MICROSEMI STORAGE SOLUTIONS, INC., SILICON STORAGE TECHNOLOGY, INC.
Assigned to WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT reassignment WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ATMEL CORPORATION, MICROCHIP TECHNOLOGY INCORPORATED, MICROSEMI CORPORATION, MICROSEMI STORAGE SOLUTIONS, INC., SILICON STORAGE TECHNOLOGY, INC.
Assigned to MICROCHIP TECHNOLOGY INCORPORATED, SILICON STORAGE TECHNOLOGY, INC., ATMEL CORPORATION, MICROSEMI CORPORATION, MICROSEMI STORAGE SOLUTIONS, INC. reassignment MICROCHIP TECHNOLOGY INCORPORATED RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT
Assigned to ATMEL CORPORATION reassignment ATMEL CORPORATION RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT
Assigned to MICROSEMI CORPORATION, MICROSEMI STORAGE SOLUTIONS, INC., MICROCHIP TECHNOLOGY INCORPORATED, ATMEL CORPORATION, SILICON STORAGE TECHNOLOGY, INC. reassignment MICROSEMI CORPORATION RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT
Assigned to MICROSEMI CORPORATION, MICROCHIP TECHNOLOGY INCORPORATED, SILICON STORAGE TECHNOLOGY, INC., MICROSEMI STORAGE SOLUTIONS, INC., ATMEL CORPORATION reassignment MICROSEMI CORPORATION RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT
Assigned to MICROCHIP TECHNOLOGY INCORPORATED, SILICON STORAGE TECHNOLOGY, INC., ATMEL CORPORATION, MICROSEMI CORPORATION, MICROSEMI STORAGE SOLUTIONS, INC. reassignment MICROCHIP TECHNOLOGY INCORPORATED RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT
Assigned to MICROCHIP TECHNOLOGY INCORPORATED, MICROSEMI STORAGE SOLUTIONS, INC., SILICON STORAGE TECHNOLOGY, INC., ATMEL CORPORATION, MICROSEMI CORPORATION reassignment MICROCHIP TECHNOLOGY INCORPORATED RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • G06F12/1441Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a range
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/0802Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
    • G06F12/0888Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches using selective caching, e.g. bypass

Definitions

  • This document relates generally to electrical circuits.
  • Controlling memory access may prevent data or instructions from being corrupted or inadvertently overwritten by poorly written or malicious program code.
  • a portion of memory may be dedicated to an operating system, and that portion of memory may only be accessible to a processor when the processor is operating in a supervisor mode to prevent malicious code from corrupting the operating system.
  • some portions of memory may be designated as either cacheable or not cacheable, and other portions of memory may be designated as bufferable or not bufferable. Access to these designated portions of memory may also be controlled to prevent unexpected results.
  • a method includes receiving a signal associated with an attempted access to data that is stored at a specific location in memory; obtaining a selection value that selects which memory protection register of multiple alternative memory protection registers is to provide a memory protection attribute for the specific location in memory; obtaining, from the selected memory protection register, a memory protection attribute; and controlling access to the specific location in memory based on the obtained memory protection attribute.
  • the method can further include determining a region and a sub-region associated with the specific location in memory. Determining the region associated with the specific location in memory can include comparing an address associated with the specific location to address values stored in one or more address registers. Determining the region associated with the specific location in memory can include comparing an address associated with the specific location to size values stored in the one or more address registers. Determining the sub-region associated with the specific location in memory can include selecting a sub-region from a plurality of sub-regions in a determined region based on the address associated with the specific location and a size of the determined region.
  • Obtaining the selection value can include determining a specific portion of a selection register from which to obtain the selection value based on a determined sub-region.
  • the obtained memory protection attribute can specify whether contents of the specific location in memory are to be bufferable.
  • the obtained memory protection attribute can specify whether contents of the specific location in memory are to be cacheable.
  • the obtained memory protection attribute can specify whether contents of the specific location in memory are to be accessible to an execution unit in its current mode of operation, wherein the current mode of operation is selected from the group consisting of a non-privileged mode of operation and a privileged mode of operation.
  • Specifying whether contents of the specific location in memory are to be accessible can include specifying whether contents of the location in memory can be read from, written to or executed.
  • a method of controlling access to memory can include receiving a request for access to data that is stored at a specific location in memory; obtaining a selection value that selects which memory protection register of multiple alternative memory protection registers is to provide a memory protection attribute for the specific location in memory; obtaining, from the selected memory protection register, a memory protection attribute; and granting the request for access when the obtained memory protection attribute indicates that access is to be granted, and denying the request for access when the obtained memory attribute indicates that access is to be denied.
  • the method can further include receiving a parameter that identifies a type of access requested.
  • an embedded device includes, within a single device package, an execution unit configurable to execute program instructions; one or more memories that are configurable to store data and program instructions to be executed by the execution unit; and a memory protection unit that is configurable to receive a signal from the execution unit requesting access to a specific location in the one or more memories.
  • the memory protection unit includes two or more alternative memory parameter registers and a parameter selection register. The memory parameter selection register can be configurable to provide a value that causes one of the two or more alternative memory parameter registers to be selected, and the memory protection unit can be configurable to control access to the specific location based on one or more values stored in the selected one of the two or more alternative memory parameter registers.
  • controlling access includes selectively granting or denying the request for access. In some implementations, controlling access includes selectively enabling or disabling buffering of contents of the specific location in the one or more memories. In some implementations, controlling access includes selectively enabling or disabling caching of contents of the specific location in the one or more memories. In some implementations, controlling access includes selectively allowing the execution unit to access the specific location or issuing an exception to the execution unit that prevents the execution unit from accessing the specific location.
  • FIG. 1 is a block diagram of an example system that includes a memory protection unit that provides multiple alternative sets of memory protection attributes.
  • FIG. 2 is an example memory map of memory that can be included in the system of FIG. 1 .
  • FIG. 3 illustrates an example of dividing memory into regions and sub-regions.
  • FIG. 4 is a diagram of example registers that can be associated with sub-regions.
  • FIGS. 5A and 5B are block diagrams of example first and second sets of alternative memory protection attributes.
  • FIG. 6 is a block diagram of an example memory protection unit.
  • FIG. 7 is a flow diagram of an example method for determining memory parameters for a sub-region in memory.
  • a device can include a memory protection unit that facilitates protection of individual portions of corresponding memory.
  • Some memory protection units can support the configuration of various regions and sub-regions within an overall memory map, where each region or sub-region can have its own memory protection attributes (e.g., attributes that determine whether memory in the corresponding region or sub-region is cacheable, bufferable or accessible for one or more of reading, writing or executing).
  • each region can correspond to both a first alternative set of memory protection attributes and a second alternative set of memory protection attributes, and the memory protection unit can dynamically select (e.g., when a memory access is initiated) either memory protection attributes from the first alternative set or memory protection attributes from the second alternative set in determining whether to allow or inhibit the memory access.
  • more than two sets of alternative memory protection attributes may be available. For example, some implementations include three, four, eight, or some other number of sets of alternative memory protection attributes.
  • FIG. 1 is a block diagram of an example system 100 that includes a memory protection unit 102 that provides multiple alternative sets of memory protection attributes.
  • the memory protection unit 102 is shown in a microcontroller 103 that also includes an execution unit 104 and memory 107 .
  • the microcontroller 103 could be, for example, a member of the Atmel AVR32 family of microcontrollers.
  • the memory protection unit could be part of a memory device, a stand-alone controller device, or another device other than a microcontroller.
  • various input/output resources are also provided (not shown in FIG. 1 ), and can be mapped to addresses within an overall memory map. In such implementations, use of input/output resources can also be controlled by the memory protection unit 102 .
  • Memory 108 is also included in the system 100 and is shown external to the microcontroller 103 .
  • the memory 108 is included in the same package as the microcontroller 103 .
  • One or more buses 109 can be used for memory and data transfers between the memory 108 and the microcontroller 103 .
  • one bus 109 a can be used for instructions and another bus 109 b can be used for data.
  • the execution unit 104 can execute program instructions that are stored in the memory 108 . Execution of other program instructions can cause data to be retrieved from the memory 108 , manipulated in some manner by the execution unit 104 or stored in the memory 108 .
  • the memory protection unit 102 can be used to control the above-described operations.
  • the memory protection unit 102 can employ memory protection attributes to determine whether program instructions from a particular portion of memory 108 can be executed, or whether data can be read from or written to other portions of memory 108 .
  • the memory protection unit 102 can be employed to control whether data or instructions in various portions of memory 108 are bufferable or cacheable. For example, as shown in FIG.
  • the data path can include one or more caches or buffers (e.g., instruction cache 124 , data cache 126 , instruction buffer 123 , data buffer 128 ) included in memory 107 , and the memory protection unit 102 can control whether data or instructions in various portions of memory 108 can be stored in or flow through one of the caches or buffers included in the memory 107 .
  • caches or buffers e.g., instruction cache 124 , data cache 126 , instruction buffer 123 , data buffer 128 .
  • attributes of different portions of memory 108 can be applied to configurable regions or sub-regions of fixed or variable size that can be configurable through the memory protection unit 102 .
  • the memory protection unit 102 can include registers 110 , which can be configured to specify a location for each memory region or sub-region within a device's overall memory map.
  • each region has a start address and size, based on values in a corresponding configuration register.
  • each region has a start address and an ending address, which can be configured through a corresponding register or registers.
  • each region has its own dedicated register or registers that characterize the region within the overall memory map.
  • Each region can further include sub-regions.
  • a fixed number of sub-regions e.g., three, four, eight, sixteen or some other number
  • a fixed number of sub-regions may be distributed in a different manner.
  • each region may include some sub-regions of a first size and other sub-regions of a second size.
  • the number and distribution of sub-regions within a region can also be configurable through values in corresponding registers.
  • registers can store memory protection attributes that are applied to the various regions and sub-regions.
  • one or more registers can store values that specify whether particular regions or sub-regions are accessible for read, write or execution access (e.g., accessibility parameters).
  • One or more other registers can store values that specify whether contents of particular regions or sub-regions can be buffered (e.g., bufferability parameters).
  • One or more other registers can store values that specify whether contents of particular regions or sub-regions can be cached (e.g., cacheability parameters).
  • the memory protection unit 102 includes a first set of memory protection attributes (e.g., “A” attributes 130 ) and a second set of memory attributes (e.g., “B” attributes 132 ).
  • Each set of memory protection attributes 130 or 132 can include attributes that specify accessibility parameters for each region and sub-region, attributes that specify bufferability parameters for each region and sub-region, and attributes that specify cacheability parameters for each region and sub-region.
  • other memory attributes can be included in each set.
  • Implementations that include multiple alternative sets of memory protection attributes can include a mechanism for specifying which of the multiple alternative sets of memory protection attributes are to be applied to specific regions or sub-regions.
  • some implementations include a selection register (or a selection field within a register) for each sub-region of memory, which specifies which of the alternative sets of memory protection attributes are to be applied to the corresponding sub-region.
  • the memory protection unit includes one selection register for each region of memory, and each selection register includes a field for each sub-region within the region. Each field can store a value that uniquely identifies one of the alternative sets of memory protection attributes.
  • the memory protection unit 102 can be employed each time a memory access attempt or request is made (e.g., by the execution unit 104 executing program instructions). For example, if the execution unit 104 executes a read instruction directed to a specific address in instruction memory 114 , the memory protection unit 102 can identify a configured region and sub-region (e.g., a region or sub-region within the memory map that is characterized by values in the registers 110 ) that includes the specific address. The memory protection unit 102 can then determine which set of memory protection attributes (e.g., memory protection attributes 130 or 132 ) are to be applied to the relevant region and sub-region.
  • memory protection attributes e.g., memory protection attributes 130 or 132
  • the memory protection unit 102 can determine whether to allow or inhibit the memory access. In some implementations, the memory protection unit 102 inhibits a memory access by asserting an exception signal 134 that triggers an exception handler 112 within the execution unit 104 .
  • a current mode of the execution unit is relevant in determining whether a memory access is to be permitted. For example, certain regions or sub-regions that are configured to cover the instruction memory 114 may only be accessible to the execution unit 104 when the execution unit is in a supervisory mode (e.g., as it may be when executing operating system instructions). Accordingly, the memory protection unit 102 may receive input from the execution unit 104 that specifies a current mode, which can, in some implementations, be used in conjunction with appropriate memory protection attributes in determining whether a memory access is to be allowed or inhibited.
  • the system 100 can include one or more caches (e.g., the data cache 126 or instruction cache 124 ) and one or more buffers (e.g., the instruction buffer 123 or the data buffer 128 ).
  • the memory protection unit 102 can also control whether data can be stored in or pass through a cache or buffer, or whether data is to bypass a cache and/or buffer.
  • Some implementations employ caches and buffers to improve performance of a system, for example, where one or more aspects of a memory system are slower than the corresponding execution unit 104 .
  • a fast cache e.g., data cache 126
  • an instruction buffer 123 can be employed to store multiple instructions retrieved from a relatively slow memory device, such as an instruction ROM.
  • the memory protection unit 102 can be employed to enforce buffer or cache parameters for particular regions or sub-regions of memory.
  • FIG. 1 depicts a Harvard architecture, in which instructions and data have separate data paths.
  • a memory protection unit can be employed within a von Neumann architecture, in which data and instructions travel over the same data path.
  • the overall arrangement of components can be different.
  • the memory protection unit 102 can be included within the execution unit 104 .
  • cache and buffers can be included in the execution unit 104 in some implementations.
  • buffers can be included in individual memory devices.
  • the memory protection unit 102 can be a separate device that is external to the device that includes the execution unit 104 .
  • cache can be implemented by stand-alone devices, separate from the device that includes the execution unit 104 .
  • more than one memory protection unit can be provided.
  • one memory protection unit can be provided for the instruction path of a Harvard architecture-based device, and a second memory protection unit can be provided for the data path of the device.
  • FIG. 1 is a non-limiting example of one architecture, but various other architectures can be employed without departing from the spirit of this document.
  • the memory system 107 and 108 can include various kinds of memory devices, each of which can be used for different purposes (e.g., instructions, long-term data storage, scratch pad data storage, etc.), and each of which can have different specifications and operating parameters (e.g., width, size, speed, etc.).
  • the example in FIG. 1 depicts ROM, SRAM, DRAM and EEPROM devices.
  • Other implementations can include different kinds of memory (e.g., NVRAM, Flash, etc.) and different arrangements of the memory.
  • FIG. 2 is an example memory map 200 of the memory included in the system 100 shown in FIG. 1 .
  • the memory map 200 defines an address space for various memory types, including but not limited to: ROM 118 , SRAM 140 and 142 , DRAM 144 , internal SRAM 141 (e.g., internal registers), EEPROM 122 , and memory mapped I/O 202 .
  • the memory map 200 can be a map of a flat, unsegmented memory space controlled by memory protection unit 102 .
  • ROM 118 can be included in the instruction memory 114 .
  • the ROM 118 includes application program instructions that can be executed by the execution unit 104 .
  • SRAM 140 can also be included in instruction memory 114 .
  • the SRAM 140 includes application program instructions that may be separately loaded into the instruction memory 114 and used for a debugging mode or other type of special execution mode of the system 100 .
  • SRAM 142 , DRAM 144 and EEPROM 122 can be included in the data memory 108 .
  • SRAM 142 and DRAM 144 include data values used by application programs executed by the microcontroller 103 .
  • EEPROM 122 is used to store configuration values for a microcontroller based system.
  • the EEPROM 122 includes configuration values for peripheral devices included in the microcontroller based system. The use of EEPROM 122 to store configuration values can allow, for example, the values to be customized by a user for each system in which the microcontroller may be included.
  • FIG. 3 illustrates an example division of the memory 108 into regions that can include sub-regions, each of which can have different memory protection attributes.
  • a protection region 302 can be configured to include a portion of the ROM 118 , and the protection region 302 can include sub-regions 304 , 306 , 308 , and 310 .
  • a memory protection unit address register 322 (MPUAR 0 ) can be associated with region 302 . In one implementation, as shown, the address register 322 can be configured to define the start address and size of the protection region 302 .
  • a second, memory protection unit address register 324 (MPUAR 1 ) can define the start address and size of a second protection region 312 that, as shown, includes a portion of the DRAM 144 and has sub-regions 314 , 316 , 318 , and 320 .
  • protection regions can cover other areas of memory shown in the memory map 200 .
  • the number of protection regions that can be included in the memory space of a microcontroller e.g., memory space mapped by the memory map 200
  • a user may program such configuration register(s) with a selected number of regions.
  • the memory space is divided into eight regions.
  • the memory space can be divided into sixteen or some other number of regions.
  • FIG. 3 illustrates two regions in the memory space mapped by memory map 200 .
  • the protection regions can be of different sizes.
  • the size of each region is characterized by a corresponding address register.
  • the size of region 312 can be specified by size bits 326 in address register 324 .
  • the size of region 302 can be specified by size bits 328 in address register 322 .
  • memory regions can be defined to cover the entire memory map 200 .
  • memory regions may be defined that only cover a portion of the memory map 200 .
  • the memory protection unit 102 can optionally be configured to disable access to memory outside of defined protection regions (e.g., by causing an exception).
  • all memory is accessible, with unprotected regions being directly accessible, while memory protection attributes or protected regions are employed to enforce corresponding protection strategies.
  • the address register associated with each region includes the base address for the start of the protection region in memory.
  • the start in memory of region 312 is specified by the base address 330 bits in address register 324 .
  • the start of region 302 is specified by the base address bits 332 in address register 322 .
  • a region can range in size from 4 kBytes to 4 GBytes.
  • the size of the region can be a power of two.
  • the start address of the region (the base address) can be an integer multiple of the region size. For example, if the region is 8 kBytes, the 13 lowest bits of the start address may be implicitly set to zero.
  • the size of a region can be specified by providing an end address for the region which can be included in an additional address register, for example, that can be associated with the region.
  • the base address need not be an integer multiple of the region size.
  • each address register also includes a valid bit (e.g., valid bits 323 and 325 ).
  • the valid bit can specify if the protection region is valid.
  • memory protection attributes are only applied to valid regions. If a region is not valid, no memory accesses may be deemed to map to the region.
  • each region can be divided into a number of sub-regions.
  • region 312 includes four sub-regions 314 , 316 , 318 , and 320 .
  • the number of sub-regions included in a region can be another number that may be a power of two, which may divide the region into equal portions.
  • the size of region 312 is 8 kBytes. Since region 312 includes four sub-regions 314 , 316 , 318 , and 320 , each sub-region's size is equal to 2 kBytes in this example.
  • a region can include eight or sixteen sub-regions, or some other number that may or may not be a power of two.
  • each region has associated with it a select register, whose contents specify which set of multiple alternative sets of memory protection attributes are to be applied to the region or to sub-regions within the region.
  • region 312 has associated with it memory protection unit permission select register 334 (MPUPSR 1 ) and region 302 has associated with it memory protection unit permission select register 336 (MPUPSR 0 ).
  • Each select register can be divided into n fields that correspond to n sub-regions of the region, for example, to provide additional granularity in memory attribute configurability.
  • Each field can specify which of multiple alternative sets of memory protection attributes are to be applied to a corresponding sub-region.
  • select register 334 includes four fields— 337 , 338 , 340 , and 342 —which correspond to sub-regions 320 , 318 , 316 , 314 , respectively.
  • each field specifies whether the “A” alternative set of memory protection attributes are to be applied to the corresponding sub-region, or whether the “B” set of memory protection attributes are to be applied to the corresponding sub-region.
  • field 337 specifies that “A” attributes are to be applied to sub-region 320 ; field 338 specifies that “B” attributes are to be applied to sub-region 318 ; and so on.
  • each region has its own select registers, a specific set of alternative memory protection attributes can be individually assigned to each sub-region, within each region in the memory map, providing in these implementations, considerable flexibility in memory protection.
  • a select register includes eight fields for eight sub-regions. In other implementations, a select register includes sixteen fields for sixteen sub-regions. In some implementations, each field of the select register can include multiple bits to allow more sets of properties to be supported. For example, if the fields in the register 334 or 336 included two bits, four sets of memory property registers could be supported. In some implementations, additional memory properties can be supported with the inclusion of additional memory property registers for each register set supported by the specific implementation. In the example of FIG. 3 , each region is divided into the same number of sub-regions. In other implementations, each region may be divided into a different number of sub-regions.
  • FIG. 4 is a diagram of example registers that can be associated with the various regions and sub-regions that are shown in FIG. 3 .
  • FIG. 4 illustrates sample memory protection unit cacheability registers 402 a (MPUCRA) and 402 b (MPUCRB) that can specify alternative cacheability parameters for each region (e.g., fields 404 a and 416 a can specify alternative cacheability parameters for the first region 302 ; fields 405 a and 417 a can specify alternative cacheability parameters for the second region 312 ; etc.); sample memory protection unit bufferability registers 406 a (MPUBRA) and 406 b MPUBRB) that can specify alternative bufferability parameters for each region; and sample memory protection unit access permission registers 410 a (MPUAPRA) and 410 b (MPUAPRB) that can specify alternative access permissions for each region.
  • MPUCRA sample memory protection unit cacheability registers 402 a
  • MPUCRB sample memory protection unit cacheability registers 402 a
  • MPUCRB sample memory protection
  • the sample cacheability register 402 a , bufferable register 406 a , and the access permission register 410 a make up a first set of alternative memory protection parameters (e.g., the “A” register set 130 , as shown in FIG. 1 ).
  • a second alternative set of memory protection parameters (e.g., the “B” register set 132 , as shown in FIG. 1 ) can include a second memory protection unit cacheable register 402 b (MPUCRB), a second memory protection unit bufferable register 406 b (MPUBRB), and a second memory protection unit access permission register 410 b (MPUAPRB). Additional alternative sets of memory protection attributes can be included but are not shown in FIG. 4 .
  • a select register (e.g., the select register 336 ) can be used to select which of the alternative sets of memory protection attributes are to be applied to a specific sub-region within the region corresponding to the select register.
  • the select register 336 includes four fields: 344 , 346 , 348 , 350 —each of which is associated with sub-regions 310 , 308 , 306 , and 304 , respectively.
  • field 348 the third field of select register 336 , can specify that memory parameters in the “A” register set 130 are to be applied to the third sub-region 306 of the first region (e.g., rather than memory protection parameters from register set “B”).
  • cacheability parameters from the “A” register set 130 e.g., from the register 402 a
  • bufferability parameters from the “A” register set 130 e.g., from the register 406 a
  • access permission parameters from the “A” register set 130 e.g., from the register 410 a
  • each of the parameter registers are themselves divided into as many fields as there are regions.
  • the particular field that supplies a memory parameter for a particular region corresponds to the number of the particular region. That is, in a cacheability register having four fields, the third field supplies cacheability parameters for the third region; the second field supplies cacheability parameters for the second region; and so on.
  • the cacheability register 402 a includes four fields, one field for each region.
  • the first field in the cacheability register 402 a , field 404 a can specify a first alternative cacheability parameter for region 302 .
  • a field 404 a value equal to “1” can specify, for example, that, when the “A” set of parameters is selected for a given sub-region, the region 302 (in particular, the corresponding sub-region of region 302 ) is cacheable.
  • Bufferability register 406 a also includes four fields, one field for each region. The first field in the bufferability register 406 a , field 404 b , can specify a first alternative bufferability parameter of region 302 .
  • a field 404 b value equal to “0” can specify, for example, that, when the “A” set of parameters is selected for a given sub-region, the region 302 (in particular, the corresponding sub-region of region 302 ) is not bufferable.
  • Access permission register 410 a also includes four fields, one field for each region.
  • the first field in the access permission register 410 a , field 404 c can specify a first alternative set of access permissions of region 302 .
  • a field 404 c value equal to “0100” can specify, for example, that, when the “A” set of parameters is selected for a given sub-region, the region 302 (in particular, the corresponding sub-region of region 302 ) is read-only.
  • a second set of alternative memory parameters can be provided by cacheability register 402 b , bufferability register 406 b and access permission register 410 b .
  • the first fields of these registers, 416 a , 416 b and 416 c can respectively specify second alternative cacheability, bufferability and access permission parameters for the first region 302 .
  • a field in the first region's select register e.g., MPUPSR 0 336 ) can select which set of alternative parameters are to be applied to a corresponding sub-region.
  • field 344 specifies that “B” memory parameters (e.g., parameters specified by fields 416 a , 416 b and 416 c ) are to be applied to the first sub-region of the first region; as another example, field 348 specifies that “A” memory parameters (e.g., parameters specified by fields 404 a , 404 b and 404 c ) are to be applied to the third sub-region of the first region.
  • “B” memory parameters e.g., parameters specified by fields 416 a , 416 b and 416 c
  • field 348 specifies that “A” memory parameters (e.g., parameters specified by fields 404 a , 404 b and 404 c ) are to be applied to the third sub-region of the first region.
  • the above-described arrangement and scheme for decoding memory parameters provides considerable flexibility in configuring memory protection.
  • the value of an access permission field can specify different access permissions, depending on a privilege mode associated with the execution unit. For example, with reference to the table of example encoded values for other access permission modes, shown below, a value of “0001” can specify read and execute access to a region when the execution unit is in a supervisory mode; but the same value can specify no access if the execution unit is in a normal mode. Other values are provided in the table below as non-limiting examples of various combinations of access permissions that can be stored in the access permission registers 410 a and 410 b .
  • Permission in Permission in privileged mode non-privileged mode Encoded value (e.g., supervisory mode) (e.g., normal mode) 0000 Read None 0001 Read/Execute None 0010 Read/Write None 0011 Read/Write/Execute None 0100 Read Read 0101 Read/Execute Read/Execute 0110 Read/Write Read/Write 0111 Read/Write/Execute Read/Write/Execute 1000 Read/Write Read 1001 Read/Write Read/Execute 1010 None None Other UNDEFINED UNDEFINED
  • FIG. 5A is a diagram of example aggregate memory parameters (e.g., access, bufferability and cacheability parameters) for the “A” register set 130 based on example bit encodings for each field of the corresponding registers.
  • example parameters that are encoded by the fields of the cacheability register 402 a , the bufferable register 406 a , and the access permission register 410 a are depicted in FIG. 5A .
  • the memory parameters 508 which correspond to the first region 302 , are specified in this example by corresponding first fields 404 a , 404 b and 404 c in the cacheability, bufferability and access permission registers, respectively.
  • FIG. 5B is a diagram of example aggregate memory parameters for the “B” register set 132 .
  • memory parameters 516 are specified by fields 416 a , 416 b and 416 c . These fields also specify memory parameters for the first region 302 , but for the “B” register set. Thus, the memory 516 parameters would be active in a sub-region of the first region whose select register field specifies the “B” set of memory parameters (e.g., as depicted in FIG. 4 , the first and second sub-regions, as specified by fields 344 and 346 ).
  • each region can have its own select register (such as the select register 336 , corresponding to region 0 ); thus, considerable flexibility is possible within the above-described memory protection scheme. Moreover, some implementations support more than two sets of alternative memory protection parameters (e.g, by increasing the number of bits in various fields of the registers), thereby providing additional flexibility.
  • FIG. 6 is a block diagram showing additional details of an example memory protection unit.
  • the execution unit 104 shown in FIG. 1 , can generate an address (ADDR 602 ).
  • a region hit check module 604 can identify the region and sub-region to which the memory access of address ADDR 602 maps. This can be determined, for example, by comparing the address to each of the address registers. More specifically, the address can be compared to a starting address and size in each address register to determine which region the address maps to.
  • the region hit check module 604 can identify the sub-region.
  • a “multi” exception signal 608 can be asserted and the memory access may be aborted or inhibited.
  • a priority scheme can be applied to select one of multiple overlapping regions to which a generated address maps. If the address maps to no region, a “none” exception signal 606 can be asserted, in some implementations, and the memory access may not be performed. In particular, for example, the exception signal can be sent to the exception handler 112 to be handled by the execution unit 104 . In other implementations, accesses to memory regions that are not protected may simply be allowed to proceed.
  • the memory protection unit 102 can identify and enforce memory protection parameters associated with the identified sub-region.
  • a select register that corresponds to the identified region e.g., the first select register, MPUPSR 0 336
  • MPUPSR 0 336 can be used to identify which of the alternative sets of memory protection attributes are to be applied to the sub-region of memory being accessed.
  • a field within the select register (e.g., the third field) that corresponds to the position of the identified sub-region (e.g., the third sub-region) can be used to identify which of the alternative sets of memory protection attributes are to be applied.
  • the third field of the select register 336 (field 348 ) specifies the “A” set of alternative memory protection attributes (e.g., attributes 508 specified by fields 404 a , 404 b and 404 c ). As depicted in one implementation in FIG. 6 , this field can be used to control a multiplexer 610 that can route the appropriate set of alternative memory protection attributes to a privilege check module 616 .
  • the privilege check module 616 can apply the alternative memory protection attributes provided to it in order to determine whether to allow or inhibit the memory attempted memory access. For example, the privilege check module 616 can issue various control signals and exception signals to enforce a memory protection scheme. In particular, as one example, the privilege check module 616 can assert an instruction protection exception signal (“iprot” 624 ) if an attempted access to instruction memory violates the relevant protection scheme, and the privilege check module 616 can assert a similar data protection exception signal (“dprot” 626 ) if an attempted access to data memory violates the relevant protection scheme. In some implementations, such exception signals can be routed to an exception handler, such as the exception handler 112 that is shown in FIG. 1 .
  • an exception handler such as the exception handler 112 that is shown in FIG. 1 .
  • the privilege check module 616 can assert control signals to enable or disable instruction or data caches (“icach” 628 and “dcach” 630 , respectively) or to enable or disable instruction or data buffers (“ibuf” 631 and “dbuf” 632 , respectively).
  • the privilege check module 616 includes additional inputs which can be used in enforcing a memory protection policy.
  • the privilege check module 616 can receive a signal 618 that indicates whether the execution unit is in a privileged or supervisory mode, a signal 620 that indicates whether the attempted memory access is a write or a read, and a signal 622 that indicates whether memory access is directed to instruction or data memory (e.g., in a Harvard-architecture device).
  • a memory protection unit can include two or more channels (e.g., one for instruction fetches and one for data access).
  • the channels can be implemented by two separate memory protection units; in other implementations, the two channels can be implemented by a single memory protection unit.
  • FIG. 7 is a flow diagram of an example method 700 for enforcing memory protection parameters for a sub-region in memory.
  • the method 700 can start, for example, when the execution unit 104 generates a request for a memory access at a specific address (ADDR) (box 702 ).
  • a memory protection unit control register (not shown in the previous figures) can be checked to determine whether memory protection is enabled (box 704 ). If memory protection (e.g., address checking) is disabled, the method 700 can end; and if address checking is enabled, the method 700 continues.
  • a region in memory can be identified based on the address value, ADDR (box 706 ).
  • the region hit check module 604 shown in FIG. 6 , can identify which region and sub-region the memory access at ADDR 602 maps to (boxes 706 and 708 ) using the values in the address registers.
  • the region hit check module 604 can determine, in box 710 , if the address maps to a valid region (e.g., to exactly one region, in some implementations).
  • exception signals can be asserted ( 711 ) to the exception handler 112 , causing, in one implementation as shown, the access to be aborted or inhibiting, and causing the method 700 to end; if the address is valid, the method 700 can continue.
  • Appropriate memory protection attributes can be identified.
  • an appropriate set of alternative memory protection attributes can be identified, and specific protection attributes within the set can be obtained (e.g., based on value(s) in an appropriate selection register), and other values in appropriate fields of corresponding cacheability, bufferability and access permission registers can be obtained (box 712 ).
  • a region to which the address maps can be associated with a select register (e.g., register 336 ).
  • the field in the select register corresponding to the sub-region to which the address maps can specify the appropriate alternative set of memory parameters (e.g., the “A” register set 130 or the “B” register set 132 ), from which specific memory properties for the sub-region can be drawn.
  • the memory properties for the sub-region can be provided by fields in the various corresponding memory protection registers (e.g., a cacheability register, a bufferability register and an access permissions register) that correspond to the region.
  • the privilege check module 616 can then determine (box 722 ) whether the attempted access is allowed by the implemented memory protection policy. If so, the memory access can be allowed (box 724 ). If the attempted access is not allowed by the implemented memory protection policy, the memory access can be blocked or inhibited, and the memory protection unit may additionally generate an exception (box 726 ).
  • the current microcontroller privilege level is relevant to determining whether an attempted access is allowed. Whether the memory access is an attempted write or an attempted read, and whether the access is directed to instruction or data memory may also be relevant to determining whether an attempted access is allowed. If any of privilege, access type or access target (e.g., data memory or instruction memory) are relevant to a memory protection scheme, this information can also be identified (identification not shown in FIG. 7 ).

Abstract

A method can include receiving a signal associated with an attempted access to data that is stored at a specific location in memory; obtaining a selection value that selects which memory protection register of multiple alternative memory protection registers is to provide a memory protection attribute for the specific location in memory; obtaining, from the selected memory protection register, a memory protection attribute; and controlling access to the specific location in memory based on the obtained memory protection attribute.

Description

TECHNICAL FIELD
This document relates generally to electrical circuits.
BACKGROUND
In processor-based systems that execute program instructions that process data, where either or both of instructions and data are stored in memory, it can be advantageous to control memory access. Controlling memory access may prevent data or instructions from being corrupted or inadvertently overwritten by poorly written or malicious program code. For example, a portion of memory may be dedicated to an operating system, and that portion of memory may only be accessible to a processor when the processor is operating in a supervisor mode to prevent malicious code from corrupting the operating system. As another example, some portions of memory may be designated as either cacheable or not cacheable, and other portions of memory may be designated as bufferable or not bufferable. Access to these designated portions of memory may also be controlled to prevent unexpected results.
SUMMARY
In some implementations, a method includes receiving a signal associated with an attempted access to data that is stored at a specific location in memory; obtaining a selection value that selects which memory protection register of multiple alternative memory protection registers is to provide a memory protection attribute for the specific location in memory; obtaining, from the selected memory protection register, a memory protection attribute; and controlling access to the specific location in memory based on the obtained memory protection attribute.
The method can further include determining a region and a sub-region associated with the specific location in memory. Determining the region associated with the specific location in memory can include comparing an address associated with the specific location to address values stored in one or more address registers. Determining the region associated with the specific location in memory can include comparing an address associated with the specific location to size values stored in the one or more address registers. Determining the sub-region associated with the specific location in memory can include selecting a sub-region from a plurality of sub-regions in a determined region based on the address associated with the specific location and a size of the determined region.
Obtaining the selection value can include determining a specific portion of a selection register from which to obtain the selection value based on a determined sub-region. The obtained memory protection attribute can specify whether contents of the specific location in memory are to be bufferable. The obtained memory protection attribute can specify whether contents of the specific location in memory are to be cacheable. The obtained memory protection attribute can specify whether contents of the specific location in memory are to be accessible to an execution unit in its current mode of operation, wherein the current mode of operation is selected from the group consisting of a non-privileged mode of operation and a privileged mode of operation. Specifying whether contents of the specific location in memory are to be accessible can include specifying whether contents of the location in memory can be read from, written to or executed.
In some implementations, a method of controlling access to memory can include receiving a request for access to data that is stored at a specific location in memory; obtaining a selection value that selects which memory protection register of multiple alternative memory protection registers is to provide a memory protection attribute for the specific location in memory; obtaining, from the selected memory protection register, a memory protection attribute; and granting the request for access when the obtained memory protection attribute indicates that access is to be granted, and denying the request for access when the obtained memory attribute indicates that access is to be denied. The method can further include receiving a parameter that identifies a type of access requested.
In some implementations, an embedded device includes, within a single device package, an execution unit configurable to execute program instructions; one or more memories that are configurable to store data and program instructions to be executed by the execution unit; and a memory protection unit that is configurable to receive a signal from the execution unit requesting access to a specific location in the one or more memories. In some implementations, the memory protection unit includes two or more alternative memory parameter registers and a parameter selection register. The memory parameter selection register can be configurable to provide a value that causes one of the two or more alternative memory parameter registers to be selected, and the memory protection unit can be configurable to control access to the specific location based on one or more values stored in the selected one of the two or more alternative memory parameter registers.
In some implementations, controlling access includes selectively granting or denying the request for access. In some implementations, controlling access includes selectively enabling or disabling buffering of contents of the specific location in the one or more memories. In some implementations, controlling access includes selectively enabling or disabling caching of contents of the specific location in the one or more memories. In some implementations, controlling access includes selectively allowing the execution unit to access the specific location or issuing an exception to the execution unit that prevents the execution unit from accessing the specific location.
The details of one or more implementations are set forth in the accompanying drawings and the description below. Other features, objects, and advantages will be apparent from the description and drawings, and from the claims.
DESCRIPTION OF DRAWINGS
FIG. 1 is a block diagram of an example system that includes a memory protection unit that provides multiple alternative sets of memory protection attributes.
FIG. 2 is an example memory map of memory that can be included in the system of FIG. 1.
FIG. 3 illustrates an example of dividing memory into regions and sub-regions.
FIG. 4 is a diagram of example registers that can be associated with sub-regions.
FIGS. 5A and 5B are block diagrams of example first and second sets of alternative memory protection attributes.
FIG. 6 is a block diagram of an example memory protection unit.
FIG. 7 is a flow diagram of an example method for determining memory parameters for a sub-region in memory.
Like reference symbols in the various drawings indicate like elements.
DETAILED DESCRIPTION
In some implementations, a device can include a memory protection unit that facilitates protection of individual portions of corresponding memory. Some memory protection units can support the configuration of various regions and sub-regions within an overall memory map, where each region or sub-region can have its own memory protection attributes (e.g., attributes that determine whether memory in the corresponding region or sub-region is cacheable, bufferable or accessible for one or more of reading, writing or executing).
In some implementations, as is described in greater detail throughout this document, multiple alternative sets of memory protection attributes can be configured and selectively applied to each region or sub-region. In particular, for example, in some implementations, each region can correspond to both a first alternative set of memory protection attributes and a second alternative set of memory protection attributes, and the memory protection unit can dynamically select (e.g., when a memory access is initiated) either memory protection attributes from the first alternative set or memory protection attributes from the second alternative set in determining whether to allow or inhibit the memory access. In other implementations, more than two sets of alternative memory protection attributes may be available. For example, some implementations include three, four, eight, or some other number of sets of alternative memory protection attributes.
FIG. 1 is a block diagram of an example system 100 that includes a memory protection unit 102 that provides multiple alternative sets of memory protection attributes. For purposes of example, the memory protection unit 102 is shown in a microcontroller 103 that also includes an execution unit 104 and memory 107. The microcontroller 103 could be, for example, a member of the Atmel AVR32 family of microcontrollers. In other implementations, the memory protection unit could be part of a memory device, a stand-alone controller device, or another device other than a microcontroller. In some implementations, various input/output resources are also provided (not shown in FIG. 1), and can be mapped to addresses within an overall memory map. In such implementations, use of input/output resources can also be controlled by the memory protection unit 102.
Memory 108 is also included in the system 100 and is shown external to the microcontroller 103. In some implementations, the memory 108 is included in the same package as the microcontroller 103. One or more buses 109 can be used for memory and data transfers between the memory 108 and the microcontroller 103. For example, as shown, one bus 109 a can be used for instructions and another bus 109 b can be used for data.
In the example microcontroller implementation shown in FIG. 1, the execution unit 104 can execute program instructions that are stored in the memory 108. Execution of other program instructions can cause data to be retrieved from the memory 108, manipulated in some manner by the execution unit 104 or stored in the memory 108.
In some implementations, the memory protection unit 102 can be used to control the above-described operations. For example, the memory protection unit 102 can employ memory protection attributes to determine whether program instructions from a particular portion of memory 108 can be executed, or whether data can be read from or written to other portions of memory 108. In addition to controlling read, write or execute-access to portions of memory 108, the memory protection unit 102 can be employed to control whether data or instructions in various portions of memory 108 are bufferable or cacheable. For example, as shown in FIG. 1, the data path can include one or more caches or buffers (e.g., instruction cache 124, data cache 126, instruction buffer 123, data buffer 128) included in memory 107, and the memory protection unit 102 can control whether data or instructions in various portions of memory 108 can be stored in or flow through one of the caches or buffers included in the memory 107.
In some implementations, attributes of different portions of memory 108 can be applied to configurable regions or sub-regions of fixed or variable size that can be configurable through the memory protection unit 102. In particular, for example, the memory protection unit 102 can include registers 110, which can be configured to specify a location for each memory region or sub-region within a device's overall memory map. In some implementations, each region has a start address and size, based on values in a corresponding configuration register. In other implementations, each region has a start address and an ending address, which can be configured through a corresponding register or registers. In some implementations, each region has its own dedicated register or registers that characterize the region within the overall memory map.
Each region can further include sub-regions. In some implementations, a fixed number of sub-regions (e.g., three, four, eight, sixteen or some other number) are evenly distributed within a region, based on the size of the region and the number of sub-regions. In other implementations, a fixed number of sub-regions may be distributed in a different manner. In particular, for example, each region may include some sub-regions of a first size and other sub-regions of a second size. In still other implementations, the number and distribution of sub-regions within a region can also be configurable through values in corresponding registers.
Other registers can store memory protection attributes that are applied to the various regions and sub-regions. For example, one or more registers can store values that specify whether particular regions or sub-regions are accessible for read, write or execution access (e.g., accessibility parameters). One or more other registers can store values that specify whether contents of particular regions or sub-regions can be buffered (e.g., bufferability parameters). One or more other registers can store values that specify whether contents of particular regions or sub-regions can be cached (e.g., cacheability parameters).
Some implementations include multiple alternative sets of registers that define multiple alternative sets of memory protection attributes. For example, in one implementation, as shown, the memory protection unit 102 includes a first set of memory protection attributes (e.g., “A” attributes 130) and a second set of memory attributes (e.g., “B” attributes 132). Each set of memory protection attributes 130 or 132 can include attributes that specify accessibility parameters for each region and sub-region, attributes that specify bufferability parameters for each region and sub-region, and attributes that specify cacheability parameters for each region and sub-region. In some implementations, other memory attributes can be included in each set.
Implementations that include multiple alternative sets of memory protection attributes can include a mechanism for specifying which of the multiple alternative sets of memory protection attributes are to be applied to specific regions or sub-regions. For example, as is described with reference to FIGS. 3, 4 and 6, some implementations include a selection register (or a selection field within a register) for each sub-region of memory, which specifies which of the alternative sets of memory protection attributes are to be applied to the corresponding sub-region. In particular, in some implementations, the memory protection unit includes one selection register for each region of memory, and each selection register includes a field for each sub-region within the region. Each field can store a value that uniquely identifies one of the alternative sets of memory protection attributes.
In some implementations, the memory protection unit 102 can be employed each time a memory access attempt or request is made (e.g., by the execution unit 104 executing program instructions). For example, if the execution unit 104 executes a read instruction directed to a specific address in instruction memory 114, the memory protection unit 102 can identify a configured region and sub-region (e.g., a region or sub-region within the memory map that is characterized by values in the registers 110) that includes the specific address. The memory protection unit 102 can then determine which set of memory protection attributes (e.g., memory protection attributes 130 or 132) are to be applied to the relevant region and sub-region. Based on the appropriate set of memory protection attributes, the memory protection unit 102 can determine whether to allow or inhibit the memory access. In some implementations, the memory protection unit 102 inhibits a memory access by asserting an exception signal 134 that triggers an exception handler 112 within the execution unit 104.
In some implementations, a current mode of the execution unit is relevant in determining whether a memory access is to be permitted. For example, certain regions or sub-regions that are configured to cover the instruction memory 114 may only be accessible to the execution unit 104 when the execution unit is in a supervisory mode (e.g., as it may be when executing operating system instructions). Accordingly, the memory protection unit 102 may receive input from the execution unit 104 that specifies a current mode, which can, in some implementations, be used in conjunction with appropriate memory protection attributes in determining whether a memory access is to be allowed or inhibited.
As shown in FIG. 1, the system 100 can include one or more caches (e.g., the data cache 126 or instruction cache 124) and one or more buffers (e.g., the instruction buffer 123 or the data buffer 128). In one implementation, as shown, the memory protection unit 102 can also control whether data can be stored in or pass through a cache or buffer, or whether data is to bypass a cache and/or buffer.
Some implementations employ caches and buffers to improve performance of a system, for example, where one or more aspects of a memory system are slower than the corresponding execution unit 104. In particular, for example, a fast cache (e.g., data cache 126) can be employed to store a copy of frequently-accessed data that is otherwise stored in a slower memory. As another example, an instruction buffer 123 can be employed to store multiple instructions retrieved from a relatively slow memory device, such as an instruction ROM. In some cases, it can be advantageous to not allow data to be buffered or cached (e.g., for security reasons or to address coherency issues). In such cases, the memory protection unit 102 can be employed to enforce buffer or cache parameters for particular regions or sub-regions of memory.
The example shown in FIG. 1 depicts a Harvard architecture, in which instructions and data have separate data paths. In other implementations, a memory protection unit can be employed within a von Neumann architecture, in which data and instructions travel over the same data path. Moreover, in other implementations, the overall arrangement of components can be different. For example, in some implementations, the memory protection unit 102 can be included within the execution unit 104. Similarly, cache and buffers can be included in the execution unit 104 in some implementations. In other implementations, buffers can be included in individual memory devices. In some implementations, the memory protection unit 102 can be a separate device that is external to the device that includes the execution unit 104. Similarly, in some implementations, cache can be implemented by stand-alone devices, separate from the device that includes the execution unit 104. In general, more than one memory protection unit can be provided. For example, one memory protection unit can be provided for the instruction path of a Harvard architecture-based device, and a second memory protection unit can be provided for the data path of the device. FIG. 1 is a non-limiting example of one architecture, but various other architectures can be employed without departing from the spirit of this document.
The memory system 107 and 108 can include various kinds of memory devices, each of which can be used for different purposes (e.g., instructions, long-term data storage, scratch pad data storage, etc.), and each of which can have different specifications and operating parameters (e.g., width, size, speed, etc.). In particular, the example in FIG. 1 depicts ROM, SRAM, DRAM and EEPROM devices. Other implementations can include different kinds of memory (e.g., NVRAM, Flash, etc.) and different arrangements of the memory.
FIG. 2 is an example memory map 200 of the memory included in the system 100 shown in FIG. 1. The memory map 200 defines an address space for various memory types, including but not limited to: ROM 118, SRAM 140 and 142, DRAM 144, internal SRAM 141 (e.g., internal registers), EEPROM 122, and memory mapped I/O 202. The memory map 200 can be a map of a flat, unsegmented memory space controlled by memory protection unit 102.
ROM 118 can be included in the instruction memory 114. In some implementations, the ROM 118 includes application program instructions that can be executed by the execution unit 104. SRAM 140 can also be included in instruction memory 114. In some implementations, the SRAM 140 includes application program instructions that may be separately loaded into the instruction memory 114 and used for a debugging mode or other type of special execution mode of the system 100.
SRAM 142, DRAM 144 and EEPROM 122 can be included in the data memory 108. In some implementations, SRAM 142 and DRAM 144 include data values used by application programs executed by the microcontroller 103. In some implementations, EEPROM 122 is used to store configuration values for a microcontroller based system. In other implementations, the EEPROM 122 includes configuration values for peripheral devices included in the microcontroller based system. The use of EEPROM 122 to store configuration values can allow, for example, the values to be customized by a user for each system in which the microcontroller may be included.
FIG. 3 illustrates an example division of the memory 108 into regions that can include sub-regions, each of which can have different memory protection attributes. In the example of FIG. 3, a protection region 302 can be configured to include a portion of the ROM 118, and the protection region 302 can include sub-regions 304, 306, 308, and 310. A memory protection unit address register 322 (MPUAR0) can be associated with region 302. In one implementation, as shown, the address register 322 can be configured to define the start address and size of the protection region 302. A second, memory protection unit address register 324 (MPUAR1) can define the start address and size of a second protection region 312 that, as shown, includes a portion of the DRAM 144 and has sub-regions 314, 316, 318, and 320.
In alternate implementations, other protection regions can cover other areas of memory shown in the memory map 200. For example, the number of protection regions that can be included in the memory space of a microcontroller (e.g., memory space mapped by the memory map 200) can be specified in a system configuration register or registers (not shown) included in the microcontroller 103. A user may program such configuration register(s) with a selected number of regions. In some implementations, for example, the memory space is divided into eight regions. In alternate implementations, the memory space can be divided into sixteen or some other number of regions. FIG. 3 illustrates two regions in the memory space mapped by memory map 200.
The protection regions can be of different sizes. In the implementation shown in FIG. 3, the size of each region is characterized by a corresponding address register. In particular, for example, the size of region 312 can be specified by size bits 326 in address register 324. Similarly, the size of region 302 can be specified by size bits 328 in address register 322. In some implementations, memory regions can be defined to cover the entire memory map 200. In other implementations, memory regions may be defined that only cover a portion of the memory map 200. In the latter case, where memory regions are only defined for portions of the memory map 200, the memory protection unit 102 can optionally be configured to disable access to memory outside of defined protection regions (e.g., by causing an exception). In other implementations, all memory is accessible, with unprotected regions being directly accessible, while memory protection attributes or protected regions are employed to enforce corresponding protection strategies.
In the implementation shown, the address register associated with each region includes the base address for the start of the protection region in memory. In particular, the start in memory of region 312 is specified by the base address 330 bits in address register 324. Similarly, the start of region 302 is specified by the base address bits 332 in address register 322.
In some implementations, a region can range in size from 4 kBytes to 4 GBytes. The size of the region can be a power of two. The start address of the region (the base address) can be an integer multiple of the region size. For example, if the region is 8 kBytes, the 13 lowest bits of the start address may be implicitly set to zero.
In other implementations, the size of a region can be specified by providing an end address for the region which can be included in an additional address register, for example, that can be associated with the region. In these implementations, the base address need not be an integer multiple of the region size.
In some implementations, each address register also includes a valid bit (e.g., valid bits 323 and 325). The valid bit can specify if the protection region is valid. In some implementations, memory protection attributes are only applied to valid regions. If a region is not valid, no memory accesses may be deemed to map to the region.
As mentioned above, each region can be divided into a number of sub-regions. In the example of FIG. 3, region 312 includes four sub-regions 314, 316, 318, and 320. In other implementations, the number of sub-regions included in a region can be another number that may be a power of two, which may divide the region into equal portions. For example, the size of region 312 is 8 kBytes. Since region 312 includes four sub-regions 314, 316, 318, and 320, each sub-region's size is equal to 2 kBytes in this example. In other implementations, a region can include eight or sixteen sub-regions, or some other number that may or may not be a power of two.
In some implementations, each region has associated with it a select register, whose contents specify which set of multiple alternative sets of memory protection attributes are to be applied to the region or to sub-regions within the region. In the example shown in FIG. 3, region 312 has associated with it memory protection unit permission select register 334 (MPUPSR1) and region 302 has associated with it memory protection unit permission select register 336 (MPUPSR0).
Each select register can be divided into n fields that correspond to n sub-regions of the region, for example, to provide additional granularity in memory attribute configurability. Each field can specify which of multiple alternative sets of memory protection attributes are to be applied to a corresponding sub-region. For example, select register 334 includes four fields—337, 338, 340, and 342—which correspond to sub-regions 320, 318, 316, 314, respectively. In this example, each field specifies whether the “A” alternative set of memory protection attributes are to be applied to the corresponding sub-region, or whether the “B” set of memory protection attributes are to be applied to the corresponding sub-region. In particular, for example, field 337 specifies that “A” attributes are to be applied to sub-region 320; field 338 specifies that “B” attributes are to be applied to sub-region 318; and so on. In implementations in which each region has its own select registers, a specific set of alternative memory protection attributes can be individually assigned to each sub-region, within each region in the memory map, providing in these implementations, considerable flexibility in memory protection.
In some implementations, a select register includes eight fields for eight sub-regions. In other implementations, a select register includes sixteen fields for sixteen sub-regions. In some implementations, each field of the select register can include multiple bits to allow more sets of properties to be supported. For example, if the fields in the register 334 or 336 included two bits, four sets of memory property registers could be supported. In some implementations, additional memory properties can be supported with the inclusion of additional memory property registers for each register set supported by the specific implementation. In the example of FIG. 3, each region is divided into the same number of sub-regions. In other implementations, each region may be divided into a different number of sub-regions.
FIG. 4 is a diagram of example registers that can be associated with the various regions and sub-regions that are shown in FIG. 3. In particular, FIG. 4 illustrates sample memory protection unit cacheability registers 402 a (MPUCRA) and 402 b (MPUCRB) that can specify alternative cacheability parameters for each region (e.g., fields 404 a and 416 a can specify alternative cacheability parameters for the first region 302; fields 405 a and 417 a can specify alternative cacheability parameters for the second region 312; etc.); sample memory protection unit bufferability registers 406 a (MPUBRA) and 406 b MPUBRB) that can specify alternative bufferability parameters for each region; and sample memory protection unit access permission registers 410 a (MPUAPRA) and 410 b (MPUAPRB) that can specify alternative access permissions for each region.
In the implementation shown, the sample cacheability register 402 a, bufferable register 406 a, and the access permission register 410 a make up a first set of alternative memory protection parameters (e.g., the “A” register set 130, as shown in FIG. 1). A second alternative set of memory protection parameters (e.g., the “B” register set 132, as shown in FIG. 1) can include a second memory protection unit cacheable register 402 b (MPUCRB), a second memory protection unit bufferable register 406 b (MPUBRB), and a second memory protection unit access permission register 410 b (MPUAPRB). Additional alternative sets of memory protection attributes can be included but are not shown in FIG. 4.
As described above, a select register (e.g., the select register 336) can be used to select which of the alternative sets of memory protection attributes are to be applied to a specific sub-region within the region corresponding to the select register. As shown, the select register 336 includes four fields: 344, 346, 348, 350—each of which is associated with sub-regions 310, 308, 306, and 304, respectively. In particular, field 348, the third field of select register 336, can specify that memory parameters in the “A” register set 130 are to be applied to the third sub-region 306 of the first region (e.g., rather than memory protection parameters from register set “B”). That is, cacheability parameters from the “A” register set 130 (e.g., from the register 402 a), bufferability parameters from the “A” register set 130 (e.g., from the register 406 a) and access permission parameters from the “A” register set 130 (e.g., from the register 410 a) can be applied to the third sub-region 306 of the first region 302.
In some implementations, as is illustrated in FIG. 4, each of the parameter registers are themselves divided into as many fields as there are regions. The particular field that supplies a memory parameter for a particular region corresponds to the number of the particular region. That is, in a cacheability register having four fields, the third field supplies cacheability parameters for the third region; the second field supplies cacheability parameters for the second region; and so on. In particular, the cacheability register 402 a includes four fields, one field for each region. The first field in the cacheability register 402 a, field 404 a, can specify a first alternative cacheability parameter for region 302. A field 404 a value equal to “1” can specify, for example, that, when the “A” set of parameters is selected for a given sub-region, the region 302 (in particular, the corresponding sub-region of region 302) is cacheable. Bufferability register 406 a also includes four fields, one field for each region. The first field in the bufferability register 406 a, field 404 b, can specify a first alternative bufferability parameter of region 302. A field 404 b value equal to “0” can specify, for example, that, when the “A” set of parameters is selected for a given sub-region, the region 302 (in particular, the corresponding sub-region of region 302) is not bufferable. Access permission register 410 a also includes four fields, one field for each region. The first field in the access permission register 410 a, field 404 c, can specify a first alternative set of access permissions of region 302. A field 404 c value equal to “0100” can specify, for example, that, when the “A” set of parameters is selected for a given sub-region, the region 302 (in particular, the corresponding sub-region of region 302) is read-only.
A second set of alternative memory parameters can be provided by cacheability register 402 b, bufferability register 406 b and access permission register 410 b. In particular, the first fields of these registers, 416 a, 416 b and 416 c, can respectively specify second alternative cacheability, bufferability and access permission parameters for the first region 302. As described above, a field in the first region's select register (e.g., MPUPSR0 336) can select which set of alternative parameters are to be applied to a corresponding sub-region. For example, field 344 specifies that “B” memory parameters (e.g., parameters specified by fields 416 a, 416 b and 416 c) are to be applied to the first sub-region of the first region; as another example, field 348 specifies that “A” memory parameters (e.g., parameters specified by fields 404 a, 404 b and 404 c) are to be applied to the third sub-region of the first region. In various implementations, the above-described arrangement and scheme for decoding memory parameters provides considerable flexibility in configuring memory protection.
In some implementations, the value of an access permission field can specify different access permissions, depending on a privilege mode associated with the execution unit. For example, with reference to the table of example encoded values for other access permission modes, shown below, a value of “0001” can specify read and execute access to a region when the execution unit is in a supervisory mode; but the same value can specify no access if the execution unit is in a normal mode. Other values are provided in the table below as non-limiting examples of various combinations of access permissions that can be stored in the access permission registers 410 a and 410 b.
Permission in Permission in
privileged mode non-privileged mode
Encoded value (e.g., supervisory mode) (e.g., normal mode)
0000 Read None
0001 Read/Execute None
0010 Read/Write None
0011 Read/Write/Execute None
0100 Read Read
0101 Read/Execute Read/Execute
0110 Read/Write Read/Write
0111 Read/Write/Execute Read/Write/Execute
1000 Read/Write Read
1001 Read/Write Read/Execute
1010 None None
Other UNDEFINED UNDEFINED
FIG. 5A is a diagram of example aggregate memory parameters (e.g., access, bufferability and cacheability parameters) for the “A” register set 130 based on example bit encodings for each field of the corresponding registers. In particular, example parameters that are encoded by the fields of the cacheability register 402 a, the bufferable register 406 a, and the access permission register 410 a are depicted in FIG. 5A. The memory parameters 508, which correspond to the first region 302, are specified in this example by corresponding first fields 404 a, 404 b and 404 c in the cacheability, bufferability and access permission registers, respectively.
FIG. 5B is a diagram of example aggregate memory parameters for the “B” register set 132. In particular, for example, memory parameters 516 are specified by fields 416 a, 416 b and 416 c. These fields also specify memory parameters for the first region 302, but for the “B” register set. Thus, the memory 516 parameters would be active in a sub-region of the first region whose select register field specifies the “B” set of memory parameters (e.g., as depicted in FIG. 4, the first and second sub-regions, as specified by fields 344 and 346).
As described above, each region can have its own select register (such as the select register 336, corresponding to region 0); thus, considerable flexibility is possible within the above-described memory protection scheme. Moreover, some implementations support more than two sets of alternative memory protection parameters (e.g, by increasing the number of bits in various fields of the registers), thereby providing additional flexibility.
FIG. 6 is a block diagram showing additional details of an example memory protection unit. In some implementations, the execution unit 104, shown in FIG. 1, can generate an address (ADDR 602). A region hit check module 604 can identify the region and sub-region to which the memory access of address ADDR 602 maps. This can be determined, for example, by comparing the address to each of the address registers. More specifically, the address can be compared to a starting address and size in each address register to determine which region the address maps to. Then, based on the size of the region, the number and distribution of sub-regions within the region (e.g., uniform distribution or some other non-uniform distribution), and the difference between the generated address and the region's base address, the region hit check module 604 can identify the sub-region.
In some implementations, if the address maps to multiple regions (e.g., in implementations in which the regions are configured to overlap), a “multi” exception signal 608 can be asserted and the memory access may be aborted or inhibited. In other implementations, a priority scheme can be applied to select one of multiple overlapping regions to which a generated address maps. If the address maps to no region, a “none” exception signal 606 can be asserted, in some implementations, and the memory access may not be performed. In particular, for example, the exception signal can be sent to the exception handler 112 to be handled by the execution unit 104. In other implementations, accesses to memory regions that are not protected may simply be allowed to proceed.
Once the region hit check 604 identifies the region (e.g., region 302) and the sub-region (e.g., sub-region 306) to which the address maps, the memory protection unit 102 can identify and enforce memory protection parameters associated with the identified sub-region. In particular, a select register that corresponds to the identified region (e.g., the first select register, MPUPSR0 336) can be used to identify which of the alternative sets of memory protection attributes are to be applied to the sub-region of memory being accessed. In particular, a field within the select register (e.g., the third field) that corresponds to the position of the identified sub-region (e.g., the third sub-region) can be used to identify which of the alternative sets of memory protection attributes are to be applied. In this example, the third field of the select register 336 (field 348) specifies the “A” set of alternative memory protection attributes (e.g., attributes 508 specified by fields 404 a, 404 b and 404 c). As depicted in one implementation in FIG. 6, this field can be used to control a multiplexer 610 that can route the appropriate set of alternative memory protection attributes to a privilege check module 616.
The privilege check module 616 can apply the alternative memory protection attributes provided to it in order to determine whether to allow or inhibit the memory attempted memory access. For example, the privilege check module 616 can issue various control signals and exception signals to enforce a memory protection scheme. In particular, as one example, the privilege check module 616 can assert an instruction protection exception signal (“iprot” 624) if an attempted access to instruction memory violates the relevant protection scheme, and the privilege check module 616 can assert a similar data protection exception signal (“dprot” 626) if an attempted access to data memory violates the relevant protection scheme. In some implementations, such exception signals can be routed to an exception handler, such as the exception handler 112 that is shown in FIG. 1. As another example, the privilege check module 616 can assert control signals to enable or disable instruction or data caches (“icach” 628 and “dcach” 630, respectively) or to enable or disable instruction or data buffers (“ibuf” 631 and “dbuf” 632, respectively).
In one implementation, as shown, the privilege check module 616 includes additional inputs which can be used in enforcing a memory protection policy. In particular, the privilege check module 616 can receive a signal 618 that indicates whether the execution unit is in a privileged or supervisory mode, a signal 620 that indicates whether the attempted memory access is a write or a read, and a signal 622 that indicates whether memory access is directed to instruction or data memory (e.g., in a Harvard-architecture device).
Only one memory protection “channel” is depicted in FIG. 6, but in some implementations, a memory protection unit can include two or more channels (e.g., one for instruction fetches and one for data access). In some implementations, the channels can be implemented by two separate memory protection units; in other implementations, the two channels can be implemented by a single memory protection unit.
FIG. 7 is a flow diagram of an example method 700 for enforcing memory protection parameters for a sub-region in memory. The method 700 can start, for example, when the execution unit 104 generates a request for a memory access at a specific address (ADDR) (box 702). In some implementations, a memory protection unit control register (not shown in the previous figures) can be checked to determine whether memory protection is enabled (box 704). If memory protection (e.g., address checking) is disabled, the method 700 can end; and if address checking is enabled, the method 700 continues.
A region in memory can be identified based on the address value, ADDR (box 706). In particular, the region hit check module 604, shown in FIG. 6, can identify which region and sub-region the memory access at ADDR 602 maps to (boxes 706 and 708) using the values in the address registers. In some implementations, the region hit check module 604 can determine, in box 710, if the address maps to a valid region (e.g., to exactly one region, in some implementations). If the address maps to multiple regions or no region, exception signals can be asserted (711) to the exception handler 112, causing, in one implementation as shown, the access to be aborted or inhibiting, and causing the method 700 to end; if the address is valid, the method 700 can continue.
Appropriate memory protection attributes can be identified. In particular, for example, an appropriate set of alternative memory protection attributes can be identified, and specific protection attributes within the set can be obtained (e.g., based on value(s) in an appropriate selection register), and other values in appropriate fields of corresponding cacheability, bufferability and access permission registers can be obtained (box 712). More specifically, as described with reference to FIG. 6, a region to which the address maps can be associated with a select register (e.g., register 336). The field in the select register corresponding to the sub-region to which the address maps can specify the appropriate alternative set of memory parameters (e.g., the “A” register set 130 or the “B” register set 132), from which specific memory properties for the sub-region can be drawn. The memory properties for the sub-region can be provided by fields in the various corresponding memory protection registers (e.g., a cacheability register, a bufferability register and an access permissions register) that correspond to the region.
The privilege check module 616 can then determine (box 722) whether the attempted access is allowed by the implemented memory protection policy. If so, the memory access can be allowed (box 724). If the attempted access is not allowed by the implemented memory protection policy, the memory access can be blocked or inhibited, and the memory protection unit may additionally generate an exception (box 726).
In some implementations, the current microcontroller privilege level is relevant to determining whether an attempted access is allowed. Whether the memory access is an attempted write or an attempted read, and whether the access is directed to instruction or data memory may also be relevant to determining whether an attempted access is allowed. If any of privilege, access type or access target (e.g., data memory or instruction memory) are relevant to a memory protection scheme, this information can also be identified (identification not shown in FIG. 7).
A number of implementations have been described. Nevertheless, it will be understood that various modifications may be made without departing from the spirit and scope of the disclosed implementations. Accordingly, other implementations are within the scope of the following claims.

Claims (12)

1. A method comprising:
selecting a set of memory protection registers from two or more sets of memory protection registers, the sets of memory protection registers containing memory protection attributes to be applied to a sub-region of memory, where the sub-region of memory is part of a region of memory and less than the entire region of memory, and the region of memory is associated with a selection register having a number of fields associated with a number of sub-regions of memory, and where the selecting is based on contents of a field of the selection register associated with the sub-region and the contents of the field indicate the set of memory protection registers; and
controlling access to the sub-region based on at least one of the memory protection attributes.
2. The method of claim 1, further comprising receiving a signal associated with an attempted access to data that is stored in the sub-region of memory.
3. The method of claim 2, further comprising:
determining the sub-region by associated comparing an address associated with the sub-region to address values stored in one or more address registers.
4. The method of claim 1, wherein the at least one memory protection attribute specifies whether contents of a specific location in memory corresponding to the sub-region, are allowed to be buffered.
5. The method of claim 1, wherein the at least one memory protection attribute specifies whether contents of a specific location in memory corresponding to the sub-region, are to be cacheable.
6. The method of claim 1, wherein the at least one memory protection attribute specifies whether contents of specific location in memory corresponding to the sub-region, are to be accessible to an execution unit in its current mode of operation, wherein the current mode of operation is selected from the group consisting of a non-privileged mode of operation and a privileged mode of operation.
7. The method of claim 6, wherein specifying whether contents of the specific location in memory are to be accessible comprises specifying whether contents of the specific location in memory-can be read from, written to or executed.
8. An embedded device comprising, within a single device package:
an execution unit configurable to execute program instructions;
one or more memories that are configurable to store data and program instructions to be executed by the execution unit; and
a memory protection unit that is configurable for:
selecting a set of memory protection registers from two or more sets of memory protection registers, the sets of memory protection registers containing memory protection attributes to be applied to a sub-region of memory, where the sub-region of memory is part of a region of memory and less than the entire region of memory, and the region of memory is associated with a selection register having a number of fields associated with a number of sub-regions of memory, and where the selecting is based on contents of a field of the selection register associated with the sub-region and the contents of the field indicate the set of memory protection registers; and
controlling access to the sub-region based on at least one of the memory protection attributes.
9. The embedded device of claim 8, wherein controlling access comprises selectively granting or denying a request for access.
10. The embedded device of claim 8, wherein controlling access comprises selectively enabling or disabling buffering of contents of a specific location in memory corresponding to the sub-region.
11. The embedded device of claim 8, wherein controlling access comprises selectively enabling or disabling caching of contents of a specific location in memory corresponding to the sub-region.
12. The embedded device of claim 8, wherein controlling access comprises selectively allowing the execution unit to access a specific location in memory corresponding to the sub-region, or issuing an exception to the execution unit that prevents the execution unit from accessing the specific location in memory.
US11/744,573 2007-05-04 2007-05-04 Configurable memory protection Active 2029-01-18 US8051263B2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US11/744,573 US8051263B2 (en) 2007-05-04 2007-05-04 Configurable memory protection
PCT/US2008/061175 WO2008137316A1 (en) 2007-05-04 2008-04-22 Configurable memory protection
TW097116389A TW200903255A (en) 2007-05-04 2008-05-02 Configurable memory protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US11/744,573 US8051263B2 (en) 2007-05-04 2007-05-04 Configurable memory protection

Publications (2)

Publication Number Publication Date
US20080276051A1 US20080276051A1 (en) 2008-11-06
US8051263B2 true US8051263B2 (en) 2011-11-01

Family

ID=39580136

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/744,573 Active 2029-01-18 US8051263B2 (en) 2007-05-04 2007-05-04 Configurable memory protection

Country Status (3)

Country Link
US (1) US8051263B2 (en)
TW (1) TW200903255A (en)
WO (1) WO2008137316A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9430409B2 (en) 2012-06-27 2016-08-30 Nordic Semiconductor Asa Memory protection
WO2017163204A1 (en) * 2016-03-23 2017-09-28 Craig Michael Horn A memory management system and method
US20180343234A1 (en) * 2017-05-26 2018-11-29 Microsoft Technology Licensing, Llc Subsystem firewalls
US10346345B2 (en) 2017-05-26 2019-07-09 Microsoft Technology Licensing, Llc Core mapping
US10353815B2 (en) 2017-05-26 2019-07-16 Microsoft Technology Licensing, Llc Data security for multiple banks of memory
US10659455B2 (en) 2014-04-09 2020-05-19 Cardex Systems Inc. Self-authenticating chips

Families Citing this family (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200805065A (en) * 2006-01-17 2008-01-16 Nxp Bv Region protection unit, instruction set and method for protecting a memory region
JP4939387B2 (en) * 2007-12-06 2012-05-23 ルネサスエレクトロニクス株式会社 Data processing apparatus and address space protection method
US8301856B2 (en) * 2010-02-16 2012-10-30 Arm Limited Restricting memory areas for an instruction read in dependence upon a hardware mode and a security flag
EP2383654A1 (en) * 2010-04-28 2011-11-02 Siemens Aktiengesellschaft A memory device and a firmware configurator
US20130111181A1 (en) * 2011-10-31 2013-05-02 Lsi Corporation Methods and apparatus for increasing device access performance in data processing systems
KR20130050156A (en) * 2011-11-07 2013-05-15 한국전자통신연구원 Apparatus for translating virtual address space
US9323533B2 (en) 2011-12-29 2016-04-26 Intel Corporation Supervisor mode execution protection
US9495305B1 (en) 2012-11-02 2016-11-15 David Fuchs Detecting pointer errors for memory protection
US9720843B2 (en) * 2012-12-28 2017-08-01 Intel Corporation Access type protection of memory reserved for use by processor logic
US20140195747A1 (en) * 2013-01-08 2014-07-10 Greentec-Usa, Inc. Write Once Read Many Media Systems
US9395993B2 (en) * 2013-07-29 2016-07-19 Intel Corporation Execution-aware memory protection
US9513692B2 (en) * 2013-09-18 2016-12-06 Intel Corporation Heterogenous memory access
US9411600B2 (en) * 2013-12-08 2016-08-09 Intel Corporation Instructions and logic to provide memory access key protection functionality
US9307409B2 (en) 2013-12-27 2016-04-05 Intel Corporation Apparatus, system and method of protecting domains of a multimode wireless radio transceiver
GB2522906B (en) * 2014-02-10 2021-07-14 Advanced Risc Mach Ltd Region identifying operation for identifying a region of a memory attribute unit corresponding to a target memory address
US9710404B2 (en) * 2015-03-23 2017-07-18 Intel Corporation Dynamic configuration and peripheral access in a processor
US10114958B2 (en) 2015-06-16 2018-10-30 Microsoft Technology Licensing, Llc Protected regions
JP6504984B2 (en) * 2015-09-28 2019-04-24 ルネサスエレクトロニクス株式会社 Data processor
US20170139844A1 (en) * 2015-11-17 2017-05-18 Silicon Laboratories Inc. Asymmetric memory
US10824572B2 (en) * 2016-09-09 2020-11-03 Cylance Inc. Memory space protection
DE102016220639A1 (en) 2016-10-20 2018-04-26 Infineon Technologies Ag Memory protection unit and method for protecting a memory address space
US10671547B2 (en) 2016-12-19 2020-06-02 Intel Corporation Lightweight trusted tasks
US11481241B2 (en) 2018-08-30 2022-10-25 Micron Technology, Inc. Virtual machine register in a computer processor
US11182507B2 (en) 2018-08-30 2021-11-23 Micron Technology, Inc. Domain crossing in executing instructions in computer processors
US10915465B2 (en) 2018-08-30 2021-02-09 Micron Technology, Inc. Memory configured to store predefined set of domain registers for instructions being executed in computer processors
US10915457B2 (en) 2018-08-30 2021-02-09 Micron Technology, Inc. Memory access control through permissions specified in page table entries for execution domains
US10942863B2 (en) 2018-08-30 2021-03-09 Micron Technology, Inc. Security configurations in page table entries for execution domains using a sandbox application operation
US11914726B2 (en) * 2018-08-30 2024-02-27 Micron Technology, Inc. Access control for processor registers based on execution domains
US11500665B2 (en) 2018-08-30 2022-11-15 Micron Technology, Inc. Dynamic configuration of a computer processor based on the presence of a hypervisor
US11256427B2 (en) * 2018-12-28 2022-02-22 Micron Technology, Inc. Unauthorized memory access mitigation
US11256631B1 (en) * 2020-01-17 2022-02-22 Ralph Crittenden Moore Enhanced security via dynamic regions for memory protection units (MPUs)
US20230350805A1 (en) * 2022-04-29 2023-11-02 Cadence Design Systems, Inc. Technique for Overriding Memory Attributes

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5325499A (en) 1990-09-28 1994-06-28 Tandon Corporation Computer system including a write protection circuit for preventing illegal write operations and a write poster with improved memory
US5649159A (en) * 1994-08-31 1997-07-15 Motorola, Inc. Data processor with a multi-level protection mechanism, multi-level protection circuit, and method therefor
US6021476A (en) * 1997-04-30 2000-02-01 Arm Limited Data processing apparatus and method for controlling access to a memory having a plurality of memory locations for storing data values
US6484227B1 (en) 1999-08-23 2002-11-19 Advanced Micro Devices, Inc. Method and apparatus for overlapping programmable address regions
US6519690B1 (en) * 1999-08-23 2003-02-11 Advanced Micro Devices, Inc. Flexible address programming with wrap blocking
US20030101322A1 (en) 2001-10-25 2003-05-29 Gardner Robert D. Protection of user process data in a secure platform architecture
US6697276B1 (en) 2002-02-01 2004-02-24 Netlogic Microsystems, Inc. Content addressable memory device
WO2004046934A2 (en) 2002-11-18 2004-06-03 Arm Limited Secure memory for protecting against malicious programs
US6901505B2 (en) 2001-08-09 2005-05-31 Advanced Micro Devices, Inc. Instruction causing swap of base address from segment register with address from another register
US6904504B2 (en) * 2001-11-14 2005-06-07 Intel Corporation Method and apparatus for software selection of protected register settings
US20050268058A1 (en) * 2004-05-27 2005-12-01 Microsoft Corporation Alternative methods in memory protection
US7068545B1 (en) * 2005-01-04 2006-06-27 Arm Limited Data processing apparatus having memory protection unit
US20070011419A1 (en) * 2005-07-07 2007-01-11 Conti Gregory R Method and system for a multi-sharing security firewall
US20070250675A1 (en) * 2006-04-20 2007-10-25 Nec Electronics Corporation Microcomputer and method for controlling memory access

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5325499A (en) 1990-09-28 1994-06-28 Tandon Corporation Computer system including a write protection circuit for preventing illegal write operations and a write poster with improved memory
US5649159A (en) * 1994-08-31 1997-07-15 Motorola, Inc. Data processor with a multi-level protection mechanism, multi-level protection circuit, and method therefor
US6021476A (en) * 1997-04-30 2000-02-01 Arm Limited Data processing apparatus and method for controlling access to a memory having a plurality of memory locations for storing data values
US6484227B1 (en) 1999-08-23 2002-11-19 Advanced Micro Devices, Inc. Method and apparatus for overlapping programmable address regions
US6519690B1 (en) * 1999-08-23 2003-02-11 Advanced Micro Devices, Inc. Flexible address programming with wrap blocking
US6901505B2 (en) 2001-08-09 2005-05-31 Advanced Micro Devices, Inc. Instruction causing swap of base address from segment register with address from another register
US20030101322A1 (en) 2001-10-25 2003-05-29 Gardner Robert D. Protection of user process data in a secure platform architecture
US6904504B2 (en) * 2001-11-14 2005-06-07 Intel Corporation Method and apparatus for software selection of protected register settings
US6697276B1 (en) 2002-02-01 2004-02-24 Netlogic Microsystems, Inc. Content addressable memory device
WO2004046934A2 (en) 2002-11-18 2004-06-03 Arm Limited Secure memory for protecting against malicious programs
US20050268058A1 (en) * 2004-05-27 2005-12-01 Microsoft Corporation Alternative methods in memory protection
US7068545B1 (en) * 2005-01-04 2006-06-27 Arm Limited Data processing apparatus having memory protection unit
US20070011419A1 (en) * 2005-07-07 2007-01-11 Conti Gregory R Method and system for a multi-sharing security firewall
US20070250675A1 (en) * 2006-04-20 2007-10-25 Nec Electronics Corporation Microcomputer and method for controlling memory access

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
"AVR101: High Endurance EEPROM", ARM1156T2F-S Technical Reference Manual Rev.RUpl, ARM Ltd., , Chapter 3 pp. 61-60 and Chapter 5 p. 7. *
"AVR101: High Endurance EEPROM", ARM1156T2F-S Technical Reference Manual Rev.RUpl, ARM Ltd., <www.arm.com/pdfs/DDI0290C—arm1156t2fs—r0p0—trm.pdf>, Chapter 3 pp. 61-60 and Chapter 5 p. 7. *
"Introduction to the Cortex-M3 Processor," white paper available at http://www.arm.com/pdfs/IntroToCortex-M3.pdf, 17 pages, Oct. 2006.
ARM Cortex-M3 Datasheet, available at http://www.arm.com/pdfs/Cortex-M3-DS.pdf, 4 pages, Jan. 2003.
International Search Report & Written Opinion, PCT/US/2008/061175, mailed Jul. 30, 2008, 12 pages.
TMS470R1x System Module Reference Guide, available at http://focus.ti.com/lit/ug/spnu189h/spnu189h.pdf, 132 pages, Nov. 2004.

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9430409B2 (en) 2012-06-27 2016-08-30 Nordic Semiconductor Asa Memory protection
EP3702923A1 (en) 2012-06-27 2020-09-02 Nordic Semiconductor ASA Memory protection
US10659455B2 (en) 2014-04-09 2020-05-19 Cardex Systems Inc. Self-authenticating chips
US11336642B2 (en) 2014-04-09 2022-05-17 Cardex Systems Inc. Self-authenticating chips
WO2017163204A1 (en) * 2016-03-23 2017-09-28 Craig Michael Horn A memory management system and method
US20180343234A1 (en) * 2017-05-26 2018-11-29 Microsoft Technology Licensing, Llc Subsystem firewalls
US10346345B2 (en) 2017-05-26 2019-07-09 Microsoft Technology Licensing, Llc Core mapping
US10353815B2 (en) 2017-05-26 2019-07-16 Microsoft Technology Licensing, Llc Data security for multiple banks of memory
US10587575B2 (en) * 2017-05-26 2020-03-10 Microsoft Technology Licensing, Llc Subsystem firewalls
US10783075B2 (en) 2017-05-26 2020-09-22 Microsoft Technology Licensing, Llc Data security for multiple banks of memory
US11444918B2 (en) * 2017-05-26 2022-09-13 Microsoft Technology Licensing, Llc Subsystem firewalls

Also Published As

Publication number Publication date
WO2008137316A1 (en) 2008-11-13
TW200903255A (en) 2009-01-16
US20080276051A1 (en) 2008-11-06

Similar Documents

Publication Publication Date Title
US8051263B2 (en) Configurable memory protection
US8949551B2 (en) Memory protection unit (MPU) having a shared portion and method of operation
US8352694B2 (en) Method of controlling memory access
JP6652491B2 (en) Area specifying operation for specifying the area of the memory attribute unit corresponding to the target memory address
US9430409B2 (en) Memory protection
JP7449273B2 (en) Range check command
US9116845B2 (en) Remote permissions provisioning for storage in a cache and device therefor
US20180095902A1 (en) Enforcing memory operand types using protection keys
CN103383667B (en) Memory protection circuit, processing unit and memory-protection method
KR20180033467A (en) Processor with advanced operating system support
US20130254491A1 (en) Controlling a processor cache using a real-time attribute
US8639895B2 (en) Systems and methods for memory region descriptor attribute override
US20120215989A1 (en) Memory protection in a data processing system
GB2440968A (en) Protecting system control registers in a data processing apparatus
TWI797347B (en) Apparatus, method and computer program with memory protection unit using memory protection table stored in memory system to control access to memory
JP6071341B2 (en) Memory management unit with region descriptor globalization control
US20080052467A1 (en) System for restricted cache access during information transfers and method thereof
US7716453B2 (en) Descriptor-based memory management unit and method for memory management
US11119941B2 (en) Capability enforcement controller
US20230409494A1 (en) Technique for constraining access to memory using capabilities
KR20230058678A (en) Memory protection for vector operations

Legal Events

Date Code Title Description
AS Assignment

Owner name: ATMEL CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:RENNO, ERIK KNUTSEN;REEL/FRAME:019362/0955

Effective date: 20070503

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: MORGAN STANLEY SENIOR FUNDING, INC. AS ADMINISTRATIVE AGENT, NEW YORK

Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:ATMEL CORPORATION;REEL/FRAME:031912/0173

Effective date: 20131206

Owner name: MORGAN STANLEY SENIOR FUNDING, INC. AS ADMINISTRAT

Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:ATMEL CORPORATION;REEL/FRAME:031912/0173

Effective date: 20131206

CC Certificate of correction
FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: ATMEL CORPORATION, CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT COLLATERAL;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC.;REEL/FRAME:038376/0001

Effective date: 20160404

AS Assignment

Owner name: JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT, ILLINOIS

Free format text: SECURITY INTEREST;ASSIGNOR:ATMEL CORPORATION;REEL/FRAME:041715/0747

Effective date: 20170208

Owner name: JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT

Free format text: SECURITY INTEREST;ASSIGNOR:ATMEL CORPORATION;REEL/FRAME:041715/0747

Effective date: 20170208

AS Assignment

Owner name: JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT, ILLINOIS

Free format text: SECURITY INTEREST;ASSIGNORS:MICROCHIP TECHNOLOGY INCORPORATED;SILICON STORAGE TECHNOLOGY, INC.;ATMEL CORPORATION;AND OTHERS;REEL/FRAME:046426/0001

Effective date: 20180529

Owner name: JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT

Free format text: SECURITY INTEREST;ASSIGNORS:MICROCHIP TECHNOLOGY INCORPORATED;SILICON STORAGE TECHNOLOGY, INC.;ATMEL CORPORATION;AND OTHERS;REEL/FRAME:046426/0001

Effective date: 20180529

AS Assignment

Owner name: WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT, CALIFORNIA

Free format text: SECURITY INTEREST;ASSIGNORS:MICROCHIP TECHNOLOGY INCORPORATED;SILICON STORAGE TECHNOLOGY, INC.;ATMEL CORPORATION;AND OTHERS;REEL/FRAME:047103/0206

Effective date: 20180914

Owner name: WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES C

Free format text: SECURITY INTEREST;ASSIGNORS:MICROCHIP TECHNOLOGY INCORPORATED;SILICON STORAGE TECHNOLOGY, INC.;ATMEL CORPORATION;AND OTHERS;REEL/FRAME:047103/0206

Effective date: 20180914

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8

AS Assignment

Owner name: JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT, DELAWARE

Free format text: SECURITY INTEREST;ASSIGNORS:MICROCHIP TECHNOLOGY INC.;SILICON STORAGE TECHNOLOGY, INC.;ATMEL CORPORATION;AND OTHERS;REEL/FRAME:053311/0305

Effective date: 20200327

AS Assignment

Owner name: ATMEL CORPORATION, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A, AS ADMINISTRATIVE AGENT;REEL/FRAME:053466/0011

Effective date: 20200529

Owner name: SILICON STORAGE TECHNOLOGY, INC., ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A, AS ADMINISTRATIVE AGENT;REEL/FRAME:053466/0011

Effective date: 20200529

Owner name: MICROSEMI CORPORATION, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A, AS ADMINISTRATIVE AGENT;REEL/FRAME:053466/0011

Effective date: 20200529

Owner name: MICROSEMI STORAGE SOLUTIONS, INC., ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A, AS ADMINISTRATIVE AGENT;REEL/FRAME:053466/0011

Effective date: 20200529

Owner name: MICROCHIP TECHNOLOGY INC., ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A, AS ADMINISTRATIVE AGENT;REEL/FRAME:053466/0011

Effective date: 20200529

AS Assignment

Owner name: WELLS FARGO BANK, NATIONAL ASSOCIATION, MINNESOTA

Free format text: SECURITY INTEREST;ASSIGNORS:MICROCHIP TECHNOLOGY INC.;SILICON STORAGE TECHNOLOGY, INC.;ATMEL CORPORATION;AND OTHERS;REEL/FRAME:053468/0705

Effective date: 20200529

AS Assignment

Owner name: WELLS FARGO BANK, NATIONAL ASSOCIATION, AS COLLATERAL AGENT, MINNESOTA

Free format text: SECURITY INTEREST;ASSIGNORS:MICROCHIP TECHNOLOGY INCORPORATED;SILICON STORAGE TECHNOLOGY, INC.;ATMEL CORPORATION;AND OTHERS;REEL/FRAME:055671/0612

Effective date: 20201217

AS Assignment

Owner name: WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT, MINNESOTA

Free format text: SECURITY INTEREST;ASSIGNORS:MICROCHIP TECHNOLOGY INCORPORATED;SILICON STORAGE TECHNOLOGY, INC.;ATMEL CORPORATION;AND OTHERS;REEL/FRAME:057935/0474

Effective date: 20210528

AS Assignment

Owner name: MICROSEMI STORAGE SOLUTIONS, INC., ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:059333/0222

Effective date: 20220218

Owner name: MICROSEMI CORPORATION, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:059333/0222

Effective date: 20220218

Owner name: ATMEL CORPORATION, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:059333/0222

Effective date: 20220218

Owner name: SILICON STORAGE TECHNOLOGY, INC., ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:059333/0222

Effective date: 20220218

Owner name: MICROCHIP TECHNOLOGY INCORPORATED, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:059333/0222

Effective date: 20220218

AS Assignment

Owner name: ATMEL CORPORATION, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:059262/0105

Effective date: 20220218

AS Assignment

Owner name: MICROSEMI STORAGE SOLUTIONS, INC., ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:059358/0001

Effective date: 20220228

Owner name: MICROSEMI CORPORATION, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:059358/0001

Effective date: 20220228

Owner name: ATMEL CORPORATION, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:059358/0001

Effective date: 20220228

Owner name: SILICON STORAGE TECHNOLOGY, INC., ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:059358/0001

Effective date: 20220228

Owner name: MICROCHIP TECHNOLOGY INCORPORATED, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:059358/0001

Effective date: 20220228

AS Assignment

Owner name: MICROSEMI STORAGE SOLUTIONS, INC., ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:059863/0400

Effective date: 20220228

Owner name: MICROSEMI CORPORATION, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:059863/0400

Effective date: 20220228

Owner name: ATMEL CORPORATION, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:059863/0400

Effective date: 20220228

Owner name: SILICON STORAGE TECHNOLOGY, INC., ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:059863/0400

Effective date: 20220228

Owner name: MICROCHIP TECHNOLOGY INCORPORATED, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:059863/0400

Effective date: 20220228

AS Assignment

Owner name: MICROSEMI STORAGE SOLUTIONS, INC., ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:059363/0001

Effective date: 20220228

Owner name: MICROSEMI CORPORATION, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:059363/0001

Effective date: 20220228

Owner name: ATMEL CORPORATION, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:059363/0001

Effective date: 20220228

Owner name: SILICON STORAGE TECHNOLOGY, INC., ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:059363/0001

Effective date: 20220228

Owner name: MICROCHIP TECHNOLOGY INCORPORATED, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:059363/0001

Effective date: 20220228

AS Assignment

Owner name: MICROSEMI STORAGE SOLUTIONS, INC., ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:060894/0437

Effective date: 20220228

Owner name: MICROSEMI CORPORATION, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:060894/0437

Effective date: 20220228

Owner name: ATMEL CORPORATION, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:060894/0437

Effective date: 20220228

Owner name: SILICON STORAGE TECHNOLOGY, INC., ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:060894/0437

Effective date: 20220228

Owner name: MICROCHIP TECHNOLOGY INCORPORATED, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:060894/0437

Effective date: 20220228

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12